On Wed, 2017-05-31 at 16:55 -0700, Eric Dumazet wrote:
> The issue here is the timer firing while ip_mc_clear_src() has been
> already called.
>
> My patch should fix the problem.
>
> Or another one using del_timer_sync() instead of del_timer() in
> igmp_stop_timer(), but such a change would be more invasive,
> since the del_timer_sync() would need to happen while im->lock
> spinlock is not held.

BTW, I guess that Andrey could try to add a delay to trigger the bug more often. diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index 44fd86de2823dd17de16276a8ec01b190e69b8b4..84fff17daab0832c470a613b29b2aaade07cec0a 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c @@ -798,7 +798,7 @@ static void igmp_timer_expire(unsigned long data) } im->reporter = 1; spin_unlock(&im->lock); - + udelay(10000); if (IGMP_V1_SEEN(in_dev)) igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); else if (IGMP_V2_SEEN(in_dev))
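
Review bot: the added udelay(10000) after spin_unlock(&im->lock) in igmp_timer_expire() busy-waits for 10 ms inside the timer handler; for a delay of that length mdelay(10) is the safer form, since large udelay() arguments can overflow on some architectures. The line also replaces the blank line that separated the locked section from the report-sending branch and carries no comment marking it as a reproduction aid, so a short comment such as /* debug only: widen the race window */ would keep it from being mistaken for part of a fix.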